ExamTopics Logo
Mail Us[email protected]
Menu
Palo-Alto-Networks Discussions
exam questions

Exam PCNSA All Questions

View all questions & answers for the PCNSA exam
Go to Exam

Exam PCNSA topic 1 question 360 discussion

Actual exam question from Palo Alto Networks's PCNSA
Question #: 360
Topic #: 1
[All PCNSA Questions]

The NetSec Manager asked to create a new firewall Local Administrator profile with customized privileges named New_Admin. This new administrator has to authenticate without inserting any username or password to access the WebUI.

What steps should the administrator follow to create the New_Admin Administrator profile?

  • A. 1. Set the Authentication profile to Local.
    2. Select the "Use only client certificate authentication" check box.
    3. Set Role to Role Based.
  • B. 1. Select the "Use only client certificate authentication" check box.
    2. Set Role to Dynamic.
    3. Issue to the Client a Certificate with Certificate Name = New Admin
  • C. 1. Select the "Use only client certificate authentication" check box.
    2. Set Role to Dynamic.
    3. Issue to the Client a Certificate with Common Name = New_Admin
  • D. 1. Select the "Use only client certificate authentication" check box.
    2. Set Role to Role Based.
    3. Issue to the Client a Certificate with Common Name = New Admin
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by jaredmcg13 at Nov. 21, 2023, 11:03 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Jallic
3 months ago
Another thing that conflicts (at least this is what I think), I suggested going with C, however in the question is does mention customized privileges, which I believe would mean the role should be set to 'Role Based'. https://docs.paloaltonetworks.com/panorama/11-0/panorama-admin/panorama-overview/role-based-access-control/administrative-roles So realistically the answer would really be: - Select the User Only client certificate - Set Role to 'Role Based - Issue Client cert "New_Admin"
upvoted 1 times
...
Jallic
3 months, 2 weeks ago
Selected Answer: C
I believe the answer here is C, in the video I can see the role is set to 'Dynamic' and they specifically say the Common Name must match the user id (case sensitive).
upvoted 1 times
...
Apache207
5 months, 3 weeks ago
C This setup ensures that the new administrator named New_Admin can authenticate using a client certificate without needing to enter a username or password. The "Dynamic" role setting allows the profile to be matched based on the certificate's Common Name.
upvoted 1 times
...
DIG_Tofu
10 months ago
D seems correct. Spaces are allowed in common name, according to RFC 7468. I guess ._.
upvoted 3 times
ploiesti
1 month, 2 weeks ago
Spaces are allowed in common name, according to RFC 7468. So it should be C. I didn`t know the answer but this is what I based myself on. C answer has underscore in the CN: New_Admin.
upvoted 1 times
...
...
Kaifus
1 year, 1 month ago
Soooo many holes in this question.... 1) Common name is an IP or FQDN, not something like New Admin 2) Certificate Name cannot have spaces That alone takes out B, C and D... A doesn't seem right either though given the context of the question. There has to be a certificate loaded on the client machine in order to do what the question is asking.
upvoted 1 times
...
jaredmcg13
1 year, 1 month ago
A is the answer https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/firewall-administration/manage-firewall-administrators/administrative-authentication
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago